Claims:

Claim 1

A user authentication method, whereby a one-way function
F, which should satisfy v = F(g, -s), is determined by
employing an integer g that is defined in advance for a
relation between a public key v and a secret key s of a
prover computer, and whereby a relation is verified
between said prover computer and each of multiple
verifier computers, comprising the steps of:

said prover computer generating a random number a,
obtaining a cryptogram A = the function F(g, a), and
transmitting said cryptogram A to said verifier
computers;

said verifier computers generating a random number
b, obtaining a cryptogram B = the function F(g, b) and a
cryptogram X = the function F(A, b), and transmitting
said cryptograms B and X to said prover computer;

said prover computer determining whether a relation
of said cryptogram X = the function F(B, a) has been
established and generating a random number c when said
relation has been established, obtaining a cryptogram C
= the function F(g, c) and a cryptogram Y = the function
F(B, c), or a cryptogram C = the function F(A, c), a
cryptogram Y = the function F(X, c) and a cryptogram Z =
a function H(a, Y, s), and transmitting said cryptograms
C and Y or said cryptograms C, Y and Z to said verifier
computers; and

said verifier computers, when said cryptogram Y =
the function F(C, b) and said cryptogram A = a function
J(v, Y, g, Z) are established, determining that said
relation between said prover computer and said verifier
computer is correct.

Claim 2 

The user authentication method according to claim 1, 
wherein said public key v is obtained by employing prime 
numbers p and q that satisfy (q|p - 1), and by defining 
an element of the order q as said integer g. 

Claim 3

The user authentication method according to claim 1,
wherein, by using said public key v and said secret key
s, said function F acquires a relation v = F(g, -s) =
g^(-s) mod p.

Claim 4 

The user authentication method according to claim 1, 
wherein, when a relation X = B^a mod p is established,
said prover computer generates said random number c. 

Claim 5 

The user authentication method according to claim 1, 
wherein said function H has a relation H(a, Y, s) = a + 
Ys mod q. 

Claim 6 

The user authentication method according to claim 1, 
wherein said function J has a relation J(v, Y, g, Z) =
v^Y g^Z mod p.
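
The exchange of claims 1 to 6, worked through as an added example that is not part of the patent text. It simulates the prover and one verifier in a single process, using the relations F(g, x) = g^x mod p, H(a, Y, s) = a + Ys mod q and J(v, Y, g, Z) = v^Y g^Z mod p; the toy parameters p = 23, q = 11, g = 2 and the names keygen, rand_exp, run_protocol and tamper_X are assumptions made for illustration.

```python
import secrets

# Constructed toy group, far too small for real use: q | p - 1 and g has order q.
P, Q, G = 23, 11, 2
assert (P - 1) % Q == 0 and G != 1 and pow(G, Q, P) == 1

def F(base, exp):
    """Claim 3: F(g, x) = g^x mod p (negative x needs Python 3.8+)."""
    return pow(base, exp, P)

def H(a, Y, s):
    """Claim 5: H(a, Y, s) = a + Y*s mod q."""
    return (a + Y * s) % Q

def J(v, Y, g, Z):
    """Claim 6: J(v, Y, g, Z) = v^Y * g^Z mod p."""
    return (pow(v, Y, P) * pow(g, Z, P)) % P

def rand_exp():
    return secrets.randbelow(Q - 1) + 1      # uniform in 1..q-1

def keygen():
    s = rand_exp()
    return s, F(G, -s)                        # secret s, public v = g^(-s) mod p

def run_protocol(s, v, variant=1, tamper_X=False):
    """Simulate one prover/verifier run; True/False is the verifier's verdict,
    None means the prover aborted at its own check."""
    a = rand_exp()
    A = F(G, a)                               # prover -> verifier: A
    b = rand_exp()
    B, X = F(G, b), F(A, b)                   # verifier -> prover: B, X
    if tamper_X:
        X = (X * G) % P                       # constructed fault: X no longer A^b
    if X != F(B, a):                          # prover's check, claim 4
        return None                           # abort before s is ever used
    c = rand_exp()
    if variant == 1:
        C, Y = F(G, c), F(B, c)               # first alternative in claim 1
    else:
        C, Y = F(A, c), F(X, c)               # second alternative in claim 1
    Z = H(a, Y, s)                            # prover -> verifier: C, Y, Z
    # Verifier: Y must equal C^b, and v^Y * g^Z must reproduce A, because
    # v^Y * g^Z = g^(-sY) * g^(a + sY) = g^a.
    return Y == F(C, b) and A == J(v, Y, G, Z)
```

A run with the matching secret is accepted under either alternative for C and Y, a modified X makes the prover stop before Z is computed, and a Z built from a different secret fails the verifier's second relation.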

Claim 7

A storage medium on which a user authentication program,
which is to be read by a prover computer, is stored
whereby a one-way function F, which should satisfy v =
F(g, -s), is determined by employing an integer g, which
is defined in advance for the relation between a public
key v and a secret key s of said prover computer, and
whereby a relation is verified between said prover
computer and each of multiple verifier computers, said
user authentication program permitting said prover
computer to perform:

a process for generating a random number a and for
obtaining a cryptogram A = the function F(g, a), and for
transmitting said cryptogram A to said verifier
computers;

a process for receiving cryptograms B and X from
said verifier computer, and for employing said
cryptograms to determine whether a relation a cryptogram
X = the function F(B, a) has been established;

a process for generating a random number c when
said relation has been established; and

a process for obtaining a cryptogram C = the
function F(g, c) and a cryptogram Y = the function F(B,
c), or a cryptogram C = the function F(A, c), a
cryptogram Y = the function F(X, c) and a cryptogram Z =
the function H(a, Y, s); and

a process for transmitting said cryptograms C and
Y, or C, Y and Z, to said verifier computers.

Claim 8

A storage medium on which a user authentication program,
which is to be read by a prover computer, is stored
whereby a one-way function F, which should satisfy v =
F(g, -s), is determined by employing an integer g, which
is defined in advance for the relation between a public
key v and a secret key s of said prover computer, and
whereby a relation is verified between said prover
computer and each of multiple verifier computers, said
user authentication program permitting said verifier
computers to perform:

a process for receiving a cryptogram A from said
prover computer and for generating a random number b;

a process for obtaining a cryptogram B = the
function F(g, b) and a cryptogram X = the function F(A,
b), using said random number b and said cryptogram that
is received, and for transmitting said cryptograms B and
X to said prover computer;

a process for receiving, from said prover computer,
a cryptogram C = the function F(g, c) and a cryptogram Y
= the function F(B, c), or a cryptogram C = the function
F(A, c), a cryptogram Y = the function F(X, c) and a
cryptogram Z = the function H(a, Y, s); and

a process, based on said cryptograms C and Y or C,
Y and Z that are received, for verifying a relation
between said verifier computer and said prover computer
when two relations of said cryptogram Y = the function
F(C, b) and said cryptogram A = the function J(v, Y, g,
Z) are established at the same time.

Claim 9

A user authentication apparatus for a prover computer, 
wherein a one-way function F, which should satisfy v = 
F(g, -s), is determined by employing an integer g, which 
is defined in advance, for a relation between a public 
key v and a secret key s of said prover computer, and 
wherein a relation is verified between said prover 
computer and each of multiple verifier computers, said 
user authentication apparatus comprising: 

transmission means, for generating a random number 
a and obtaining a cryptogram A = the function F(g, a), 
and for transmitting said obtained cryptogram A to said 
verifier computers; 

reception means, for receiving cryptograms B and X 
from said verifier computers; 

verification means, for employing said cryptograms 
B and X to determine whether a relation of said 
cryptogram X = the function F(B, a) has been 
established; 

cryptogram computation means, for generating a 
random number c when it has been ascertained that said 
relation has been established, and for obtaining a 
cryptogram C = the function F(g, c) and a cryptogram Y = 
the function F(B, c), or a cryptogram C = the function
F(A, c), a cryptogram Y = the function F(X, c) and a
cryptogram Z = the function H(a, Y, s); and 

cryptogram transmission means, for transmitting 
said cryptograms C and Y or C, Y and Z to said verifier 
computers.

Claim 10

A user authentication apparatus for a prover computer 
wherein a one-way function F, which should satisfy v = 
F(g, -s), is determined by employing an integer g, which 
is defined in advance, for the relation between a public 
key v and a secret key s of a prover computer, and 
wherein a relation is verified between said prover 
computer and each of multiple verifier computers, said 
user authentication apparatus comprising: 

reception means, for receiving a cryptogram A from 
said prover computer; 

transmission means, for generating a random number 
b, and for employing said random number b and said 
cryptogram A that is received to obtain a cryptogram B = 
the function F(g, b) and a cryptogram X = the function 
F(A, b), and for transmitting said cryptograms B and X 
to said prover computer; 

cryptogram reception means, for receiving from said 
prover computer a cryptogram C = the function F(g, c) 
and a cryptogram Y = the function F(B, c) or a 
cryptogram C = the function F(A, c), a cryptogram Y =
the function F(X, c), and a cryptogram Z = the function
H(a, Y, s); and 

verification means, for performing a procedure, 
based on said cryptograms C, Y and Z that are received, 
for verifying a relation between said verifier computers 
and said prover computer when two relations of said 
cryptogram Y = the function F(C, b) and said cryptogram 
A = the function J(v, Y, g, Z) are established at the 
same time. 

Claim 11

A user authentication system comprising:

the user authentication apparatus for said prover
computer according to claim 9; and

a plurality of user authentication apparatuses for
said verifier computers according to claim 10.

Claim 12

A user authentication system, wherein a one-way function
F, which should satisfy v = F(g, -s), is determined by
employing an integer g, which is defined in advance, for
the relation between a public key v and a secret key s
of a prover computer, and wherein a relation is verified
between said prover computer and each of multiple
verifier computers, comprising:

transmission means, for said prover computer, for
generating a random number a and obtaining a cryptogram
A = the function F(g, a), and for transmitting said
obtained cryptogram A to said verifier computers;

reception means for said verifier computers, for
receiving said cryptogram A from said prover computer;

transmission means for said verifier computers, for
generating a random number b with which said cryptogram
A is employed to obtain a cryptogram B = the function
F(g, b) and a cryptogram X = the function F(A, b), and
for transmitting said cryptograms B and X to said prover
computer;

reception means for said prover computer, for
receiving said cryptograms B and X from said verifier
computers;

verification means for said prover computer, for
employing said cryptograms B and X to determine whether
a relation of said cryptogram X = the function F(B, a)
has been established;

cryptogram computation means for said prover
computer, for generating a random number c when it is
ascertained that said relation has been established, and
for obtaining said cryptogram C = the function F(g, c)
and said cryptogram Y = the function F(B, c), or said
cryptogram C = the function F(A, c) and said cryptogram
Y = the function F(X, c), and a cryptogram Z = the
function H(a, Y, s); and

cryptogram transmission means for said prover
computer, for transmitting said cryptograms C, Y and Z
to said verifier computers;

cryptogram reception means, for said verifier
computers, for receiving said cryptograms C, Y and Z
from said prover computer; and

verification means for said verifier computers, for
employing said cryptograms C, Y and Z that are received
to verify a relation between said verifier computers and
said prover computer when two relations of said
cryptogram Y = the function F(C, b) and said cryptogram
A = the function J(v, Y, g, Z) are established at the
same time.

13. A computer program product comprising a computer
usable medium having computer readable program code means
embodied therein for causing user authentication, the
computer readable program code means in said computer
program product comprising computer readable program code
means for causing a computer to effect the apparatus of
claim 9.

14. A computer program product comprising a computer
usable medium having computer readable program code means
embodied therein for causing user authentication, the
computer readable program code means in said computer
program product comprising computer readable program code
means for causing a computer to effect the apparatus of
claim 10.

15. A computer program product comprising a computer
usable medium having computer readable program code means
embodied therein for causing user authentication, the
computer readable program code means in said computer
program product comprising computer readable program code
means for causing a computer to effect the system of
claim 11.

16. A computer program product comprising a computer
usable medium having computer readable program code means
embodied therein for causing user authentication, the
computer readable program code means in said computer
program product comprising computer readable program code
means for causing a computer to effect the system of
claim 12.

17. An article of manufacture comprising a computer
usable medium having computer readable program code means
embodied therein for implementing a user authentication
method, the computer readable program code means in said
article of manufacture comprising computer readable
program code means for causing a computer to effect the
steps of claim 1.